Updated on May 17, 2018
With data protection laws and regulations growing ever stricter, businesses are recognizing the importance of properly securing their data to avoid high penalties and the cost of data loss. Self-Encrypting Drives (SEDs) are storage devices that automatically encrypt data without any user interaction.
AES Encryption
AES is the encryption standard adopted by the U.S. government and it is not easy to break: experts have calculated that it would take a billion years to crack an AES key.
Hardware-Based Encryption
A TPM is considered the standard hardware root of trust: a dedicated cryptoprocessor that handles encryption key generation as well as tamper-resistant key storage. With hardware-based encryption, all bits are encrypted automatically without any user interaction, which provides another layer of security against intrusion.
Authentication
Authentication is the process of comparing the credentials provided with those on file in a database of authorized users, held either on the local operating system or on an authentication server. If the credentials match, the process completes and the user is authorized to access the data.
Sanitization
Various methods of sanitization are available to organizations, depending on the level of data protection required. The three categories of media sanitization are: Clear, Purge, and Destroy.
Clear
A method of sanitization by applying logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques using the same interface available to the user; typically applied through the standard read and write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).
Purge
A method of sanitization by applying physical or logical techniques that renders Target Data recovery infeasible using state of the art laboratory techniques.
Destroy
A method of sanitization that renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data.
ATA Security Erase
The ATA Security command set specifies a SECURITY ERASE UNIT command that erases all accessible user data by overwriting it with all binary 0s or 1s. Its ENHANCED ERASE mode also erases reallocated user data and writes a vendor-specific data pattern. Although all data in the user-accessible space is completely erased, some data may still physically reside on the SSD.
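Before issuing SECURITY ERASE UNIT, an administrator has to confirm that the drive supports the ATA Security feature set, that it is not "frozen" by the BIOS/UEFI, and that a user password has been set (the command refuses to run otherwise). The following Python is an added example, not code from the original article: it parses the Security section of `hdparm -I` output and decides which erase mode can be issued. The sample output is constructed for the example, the device path and password are placeholders, and the `hdparm` command lines are only assembled as strings, never executed.

```python
# Added example: decide whether an ATA Security Erase can be issued,
# based on the "Security:" section that `hdparm -I` prints.

# Constructed sample of an `hdparm -I` Security section (made up for this
# example; real drives and firmware vary in the exact lines they print).
SAMPLE_HDPARM_I = """\
Security: 
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\tnot\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 4min for ENHANCED SECURITY ERASE UNIT. 
"""


def parse_security_section(text):
    """Return the ATA Security flags reported in the hdparm -I output."""
    state = {"supported": False, "enabled": False, "locked": False,
             "frozen": False, "enhanced_erase": False}
    in_section = False
    for line in text.splitlines():
        if line.startswith("Security:"):
            in_section = True
            continue
        if not in_section:
            continue
        if not line.startswith(("\t", " ")):
            break  # reached the next top-level section of the report
        stripped = line.strip()
        negated = stripped.startswith("not")
        body = stripped[3:].strip() if negated else stripped
        if body == "supported":
            state["supported"] = not negated
        elif body == "enabled":
            state["enabled"] = not negated
        elif body == "locked":
            state["locked"] = not negated
        elif body == "frozen":
            state["frozen"] = not negated
        elif body == "supported: enhanced erase":
            state["enhanced_erase"] = not negated
    return state


def plan_erase(state, device, password):
    """Return (mode, commands) for the erase that the flags allow.

    mode is "enhanced", "normal", "frozen" or "unsupported". The commands
    are hdparm invocations assembled as strings; nothing is executed here.
    """
    if not state["supported"]:
        return "unsupported", []
    if state["frozen"]:
        # Firmware commonly freezes the security state at boot; the drive
        # rejects every security command until it is unfrozen (typically a
        # suspend/resume or power cycle), so do not attempt the erase.
        return "frozen", []
    mode = "enhanced" if state["enhanced_erase"] else "normal"
    flag = "--security-erase-enhanced" if mode == "enhanced" else "--security-erase"
    commands = []
    if not state["enabled"]:
        # SECURITY ERASE UNIT requires a user password to be set first.
        commands.append(f"hdparm --user-master u --security-set-pass {password} {device}")
    commands.append(f"hdparm --user-master u {flag} {password} {device}")
    return mode, commands


if __name__ == "__main__":
    flags = parse_security_section(SAMPLE_HDPARM_I)
    mode, commands = plan_erase(flags, "/dev/sdX", "PLACEHOLDER_PASSWORD")
    print(mode)
    for command in commands:
        print(command)
```

Enhanced erase is preferred when the drive reports it, since that is the mode the article describes as also covering reallocated sectors; even then, the caveat above still applies, so an SED's crypto erase is the stronger guarantee where both are available.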
Crypto Erase and Secure Erase
When executing a crypto erase, the host can either have the drive scramble the media encryption key (MEK) using its built-in random number generator or specify a user-generated MEK. Because the data on the media stays encrypted under a key that no longer exists, this renders the data unreadable almost instantly.
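The reason crypto erase is near-instant is that nothing on the flash is rewritten; only the MEK changes. The following Python is an added example, not code from the original article or from any drive vendor: it simulates an SED whose sectors are encrypted under a MEK, then performs both forms of crypto erase the text mentions (drive-generated random MEK and host-specified MEK). Because the Python standard library has no AES, the simulation substitutes a CTR-style keystream built from HMAC-SHA256 for the AES-XTS a real SED would use; the sector size and sample record are constructed for the example.

```python
# Added example: simulate an SED's media encryption key (MEK) and a crypto
# erase. HMAC-SHA256 keystream stands in for AES-XTS (stdlib has no AES).
import hashlib
import hmac
import os

SECTOR = 16  # bytes per simulated sector (tiny, for illustration only)


def keystream(mek, sector_no, length):
    """CTR-style keystream derived from the MEK and the sector number."""
    out = b""
    counter = 0
    while len(out) < length:
        block = sector_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(mek, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class SimulatedSED:
    """Flash contents are always ciphertext; the MEK never leaves the drive."""

    def __init__(self):
        self.mek = os.urandom(32)   # generated by the drive's own RNG
        self.media = {}             # sector_no -> ciphertext stored on flash

    def write(self, sector_no, plaintext):
        if len(plaintext) != SECTOR:
            raise ValueError("plaintext must be exactly one sector")
        self.media[sector_no] = xor_bytes(plaintext, keystream(self.mek, sector_no, SECTOR))

    def read(self, sector_no):
        # The host always sees the flash contents decrypted with the current MEK.
        return xor_bytes(self.media[sector_no], keystream(self.mek, sector_no, SECTOR))

    def crypto_erase(self, new_mek=None):
        """Replace the MEK with a fresh random one, or with a host-supplied one.

        The flash contents are untouched, which is why this is near-instant;
        every stored sector now decrypts to noise under the new key.
        """
        self.mek = new_mek if new_mek is not None else os.urandom(32)


def demo():
    """Return four checks: read before erase, read after erase, media unchanged,
    and what happens if the old MEK is retained and re-installed."""
    drive = SimulatedSED()
    secret = b"payroll-2018-q1!"   # constructed 16-byte sample record
    drive.write(7, secret)
    readable_before = drive.read(7) == secret
    media_snapshot = dict(drive.media)
    old_mek = drive.mek              # a real SED never exposes this; kept only to show the caveat

    drive.crypto_erase()             # drive-generated random MEK
    unreadable_after = drive.read(7) != secret
    media_unchanged = drive.media == media_snapshot

    # Caveat: the erase is only as strong as the destruction of the old MEK.
    # If a copy of it survives anywhere, re-installing it undoes the erase.
    drive.crypto_erase(new_mek=old_mek)
    recovered_with_old_key = drive.read(7) == secret
    return readable_before, unreadable_after, media_unchanged, recovered_with_old_key


if __name__ == "__main__":
    print(demo())
```

The last check is the practical point for a defender: a crypto erase leaves the ciphertext in place, so the guarantee rests entirely on the drive having irrecoverably discarded the previous MEK, which is why tamper-resistant key storage in the drive matters as much as the strength of the cipher.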
The demand for more secure IoT solutions will give SEDs a strong foothold in the industrial SSD market. SEDs offer all of these features and provide the best combination of performance, security, and cost.